Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-10-06 | CVE-2016-1000124 | SQL Injection vulnerability in Huge-It Portfolio Gallery 1.0.6 | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | network | low complexity | huge-it | CWE-89 | critical 9.8 |
| 2016-10-06 | CVE-2016-1000123 | SQL Injection vulnerability in Huge-It Video Gallery 1.0.9 | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | network | low complexity | huge-it | CWE-89 | critical 9.8 |
| 2016-10-06 | CVE-2016-1000113 | SQL Injection vulnerability in Huge-It Gallery 1.1.5 | XSS and SQLi in Huge-IT Gallery v1.1.5 for Joomla | network | low complexity | huge-it | CWE-89 | critical 9.8 |
| 2016-10-06 | CVE-2016-1000000 | SQL Injection vulnerability in Progress Whatsup Gold | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | network | low complexity | progress | CWE-89 | 8.8 |
| 2016-10-06 | CVE-2015-1000011 | SQL Injection vulnerability in Dukapress Project Dukapress 2.5.9 | Blind SQL Injection in WordPress plugin dukapress v2.5.9 | network | low complexity | dukapress-project | CWE-89 | critical 9.8 |
| 2016-10-06 | CVE-2015-1000003 | SQL Injection vulnerability in Filedownload Project Filedownload 1.4 | Blind SQL Injection in filedownload v1.4 WordPress plugin | network | low complexity | filedownload-project | CWE-89 | critical 9.8 |
| 2016-10-05 | CVE-2016-6652 | SQL Injection vulnerability in Pivotal Software Spring Data JPA 1.10.2 | SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | network | high complexity | pivotal-software | CWE-89 | 5.6 |
| 2016-10-05 | CVE-2016-6419 | SQL Injection vulnerability in Cisco Secure Firewall Management Center | SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | network | high complexity | cisco | CWE-89 | 7.5 |
| 2016-10-03 | CVE-2016-7405 | SQL Injection vulnerability in multiple products | The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | network | low complexity | adodb-project, fedoraproject | CWE-89 | critical 9.8 |
| 2016-09-17 | CVE-2016-5843 | SQL Injection vulnerability in Otrs FAQ | Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | network | low complexity | otrs | CWE-89 | critical 9.4 |